Обсуждение: pgsql: More cleanup on roles patch.

Поиск
Список
Период
Сортировка

pgsql: More cleanup on roles patch.

От
tgl@svr1.postgresql.org (Tom Lane)
Дата:
Log Message:
-----------
More cleanup on roles patch.  Allow admin option to be inherited through
role memberships; make superuser/createrole distinction do something
useful; fix some locking and CommandCounterIncrement issues; prevent
creation of loops in the membership graph.

Modified Files:
--------------
    pgsql/src/backend/commands:
        dbcommands.c (r1.162 -> r1.163)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/dbcommands.c.diff?r1=1.162&r2=1.163)
        user.c (r1.154 -> r1.155)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/user.c.diff?r1=1.154&r2=1.155)
    pgsql/src/backend/parser:
        gram.y (r2.500 -> r2.501)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/gram.y.diff?r1=2.500&r2=2.501)
        keywords.c (r1.161 -> r1.162)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/keywords.c.diff?r1=1.161&r2=1.162)
    pgsql/src/backend/utils/adt:
        acl.c (r1.116 -> r1.117)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.116&r2=1.117)
    pgsql/src/backend/utils/init:
        flatfiles.c (r1.10 -> r1.11)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/flatfiles.c.diff?r1=1.10&r2=1.11)
    pgsql/src/include/utils:
        acl.h (r1.79 -> r1.80)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.79&r2=1.80)

Re: pgsql: More cleanup on roles patch.

От
Oleg Bartunov
Дата:
Do we follow RBAC  (http://csrc.nist.gov/rbac/) ?
Proposed NIST standard is available http://csrc.nist.gov/rbac/rbacSTD-ACM.pdf

     Oleg
On Wed, 29 Jun 2005, Tom Lane wrote:

> Log Message:
> -----------
> More cleanup on roles patch.  Allow admin option to be inherited through
> role memberships; make superuser/createrole distinction do something
> useful; fix some locking and CommandCounterIncrement issues; prevent
> creation of loops in the membership graph.
>
> Modified Files:
> --------------
>    pgsql/src/backend/commands:
>        dbcommands.c (r1.162 -> r1.163)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/dbcommands.c.diff?r1=1.162&r2=1.163)
>        user.c (r1.154 -> r1.155)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/user.c.diff?r1=1.154&r2=1.155)
>    pgsql/src/backend/parser:
>        gram.y (r2.500 -> r2.501)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/gram.y.diff?r1=2.500&r2=2.501)
>        keywords.c (r1.161 -> r1.162)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/keywords.c.diff?r1=1.161&r2=1.162)
>    pgsql/src/backend/utils/adt:
>        acl.c (r1.116 -> r1.117)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.116&r2=1.117)
>    pgsql/src/backend/utils/init:
>        flatfiles.c (r1.10 -> r1.11)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/flatfiles.c.diff?r1=1.10&r2=1.11)
>    pgsql/src/include/utils:
>        acl.h (r1.79 -> r1.80)
>        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.79&r2=1.80)
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
>

     Regards,
         Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83

Re: pgsql: More cleanup on roles patch.

От
Tom Lane
Дата:
Oleg Bartunov <oleg@sai.msu.su> writes:
> Do we follow RBAC  (http://csrc.nist.gov/rbac/) ?

Personally, I'm reading SQL99 for this.

            regards, tom lane

Re: pgsql: More cleanup on roles patch.

От
Stephen Frost
Дата:
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Oleg Bartunov <oleg@sai.msu.su> writes:
> > Do we follow RBAC  (http://csrc.nist.gov/rbac/) ?
>
> Personally, I'm reading SQL99 for this.

I've been following an SQL2003 draft...  That looks interesting but I
think we probably want to stick to SQL..

    Thanks,

        Stephen
Вложения

Re: pgsql: More cleanup on roles patch.

От
Oleg Bartunov
Дата:
On Wed, 29 Jun 2005, Stephen Frost wrote:

> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>> Oleg Bartunov <oleg@sai.msu.su> writes:
>>> Do we follow RBAC  (http://csrc.nist.gov/rbac/) ?
>>
>> Personally, I'm reading SQL99 for this.
>
> I've been following an SQL2003 draft...  That looks interesting but I
> think we probably want to stick to SQL..

we use RBAC for years as an external application and it's very nice to have it
built-in. I'm looking for possibility to check if given role have enough
privileges to perform some operation on some subset of data specified by
WHERE clause. For example, one role is granted full access the whole
catalog, while other could read all catalog and modify only part.

>
>     Thanks,
>
>         Stephen
>

     Regards,
         Oleg
_____________________________________________________________
Oleg Bartunov, sci.researcher, hostmaster of AstroNet,
Sternberg Astronomical Institute, Moscow University (Russia)
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(095)939-16-83, +007(095)939-23-83